Vulnerability Description
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pentasecurity | Wapples | >= 4.0.54.1, <= 6.0.0 |
Related Weaknesses (CWE)
References
- https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-system (Patch, Product, Third Party Advisory)
- https://medium.com/%40_sadshade/wapples-web-application-firewall-multiple-vulner
- https://www.pentasecurity.com/product/wapples/ (Product, Vendor Advisory)
FAQ
What is CVE-2022-35413?
CVE-2022-35413 is a vulnerability with a CVSS score of 9.8 (CRITICAL). WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
How severe is CVE-2022-35413?
CVE-2022-35413 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-35413?
Check the references section above for vendor advisories and patch information. Affected products include: Pentasecurity Wapples.